Thread

  1. Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement

    Akshay Joshi <akshay.joshi@enterprisedb.com> — 2025-10-16T11:47:22Z

    On Thu, Oct 16, 2025 at 2:45 PM jian he <jian.universality@gmail.com> wrote:
    
    > hi. I still can not compile your v2.
    >
    > ../../Desktop/pg_src/src1/postgres/src/backend/utils/adt/ruleutils.c:
    > In function ‘get_formatted_string’:
    >
    > ../../Desktop/pg_src/src1/postgres/src/backend/utils/adt/ruleutils.c:13770:9:
    > error: function ‘get_formatted_string’ might be a candidate for
    > ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
    > 13770 |         appendStringInfoVA(buf, fmt, args);
    >       |         ^~~~~~~~~~~~~~~~~~
    > cc1: all warnings being treated as errors
    >
    
    I’m relatively new to PostgreSQL development. I’m working on setting up the
    CI pipeline and will try to fix all warnings.
    
    >
    > Maybe you can register your patch on https://commitfest.postgresql.org/
    > then it will run all CI tests on all kinds of OS.
    >
    > row security policy qual and with_check_qual can contain sublink/subquery.
    > but pg_get_expr can not cope with sublink/subquery.
    >
    > see pg_get_expr comments below:
    >  * Currently, the expression can only refer to a single relation, namely
    >  * the one specified by the second parameter.  This is sufficient for
    >  * partial indexes, column default expressions, etc.  We also support
    >  * Var-free expressions, for which the OID can be InvalidOid.
    >
    > see commit 6867f96 and
    >
    > https://www.postgresql.org/message-id/flat/20211219205422.GT17618%40telsasoft.com
    >
    > I guess (because I can not compile, mentioned above):
    > "ERROR:  expression contains variables"
    > can be triggered by the following setup:
    >
    > create table t(a int);
    > CREATE POLICY p1 ON t AS RESTRICTIVE FOR ALL
    > USING (a IS NOT NULL AND (SELECT 1 = 1 FROM pg_rewrite WHERE
    > pg_get_function_arg_default(ev_class, 1) !~~ pg_get_expr(ev_qual, 0,
    > false)));
    > SELECT pg_get_policy_ddl('t', 'p1', true);
    >
    
    The above example works fine with my patch
    [image: Screenshot 2025-10-16 at 5.08.10 PM.png]
    
    
    >
    > You can also check my patch at
    > https://commitfest.postgresql.org/patch/6054/
    > which similarly needs to build the POLICY definition for reconstruction.
    >
    > see RelationBuildRowSecurity, checkExprHasSubLink also.
    >